Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/45e648c3-1481-478f-83e2-b25127fa95cd/0/3139332e32342e342e302f32342d3234203d3e20323134303235.roa
File:                     3139332e32342e342e302f32342d3234203d3e20323134303235.roa (raw, json)
Hash identifier:          +v1QY3ywM3Na8NpQTw4Tmpm5P4ulC0E6x+1GOZGs6FI=
Subject key identifier:   7E:35:DE:AE:F0:E4:43:9F:59:54:67:E8:8B:9F:10:B1:DA:0B:8A:D0
Certificate issuer:       /CN=1f84a2481d280de0a103598276db0c954193c755
Certificate serial:       32E19C861EEB20BB2D3F1F65B751C04037E9D465
Authority key identifier: 1F:84:A2:48:1D:28:0D:E0:A1:03:59:82:76:DB:0C:95:41:93:C7:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H4SiSB0oDeChA1mCdtsMlUGTx1U.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/45e648c3-1481-478f-83e2-b25127fa95cd/0/3139332e32342e342e302f32342d3234203d3e20323134303235.roa
Signing time:             Fri 03 Apr 2026 18:18:50 +0000
ROA not before:           Fri 03 Apr 2026 18:13:50 +0000
ROA not after:            Fri 02 Apr 2027 18:18:50 +0000
asID:                     214025
IP address blocks:        193.24.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/45e648c3-1481-478f-83e2-b25127fa95cd/0/1F84A2481D280DE0A103598276DB0C954193C755.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/45e648c3-1481-478f-83e2-b25127fa95cd/0/1F84A2481D280DE0A103598276DB0C954193C755.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H4SiSB0oDeChA1mCdtsMlUGTx1U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 14:03:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:e1:9c:86:1e:eb:20:bb:2d:3f:1f:65:b7:51:c0:40:37:e9:d4:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f84a2481d280de0a103598276db0c954193c755
        Validity
            Not Before: Apr  3 18:13:50 2026 GMT
            Not After : Apr  2 18:18:50 2027 GMT
        Subject: CN=7E35DEAEF0E4439F595467E88B9F10B1DA0B8AD0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:20:6a:b7:b8:b2:15:ae:92:20:99:57:ea:74:
                    41:17:e3:9c:37:38:a8:43:8b:31:92:13:1b:96:83:
                    99:1b:e8:89:c3:b9:6e:48:0a:da:f7:99:b4:6b:23:
                    42:30:10:3f:8b:1e:1f:12:c7:63:68:07:36:19:b9:
                    e4:1d:09:84:98:b6:45:e5:69:9d:a0:dd:68:48:37:
                    fc:85:c7:7e:15:fb:30:1e:f9:4b:df:be:88:21:c1:
                    be:89:7f:c4:c7:b3:f5:a9:87:f4:b8:9f:04:eb:4e:
                    f6:a1:cb:d8:26:2b:42:3c:e2:d5:9d:d5:cd:d8:60:
                    b7:69:d8:d2:c8:19:42:80:93:93:48:6f:bc:8f:a7:
                    70:50:1c:0e:3b:a0:97:01:00:c2:72:3f:be:ba:75:
                    71:b1:b7:4d:b7:55:33:1d:4c:bf:cc:12:e3:b2:e4:
                    e2:5d:32:f3:72:03:b7:e2:56:97:e2:e3:86:6a:35:
                    b6:9e:6e:27:cd:bc:2d:d7:d2:e9:dd:a0:35:17:82:
                    12:8f:60:1a:04:20:c5:7a:58:73:2e:a4:db:c5:82:
                    c2:61:ea:07:c6:d2:79:ec:7b:20:01:66:17:23:2b:
                    70:e0:d4:9a:88:7b:97:dc:b2:30:a0:f5:49:9c:97:
                    e4:f8:1d:e9:53:44:d7:e6:dc:1f:5a:94:e3:a8:6b:
                    97:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:35:DE:AE:F0:E4:43:9F:59:54:67:E8:8B:9F:10:B1:DA:0B:8A:D0
            X509v3 Authority Key Identifier:
                keyid:1F:84:A2:48:1D:28:0D:E0:A1:03:59:82:76:DB:0C:95:41:93:C7:55

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/45e648c3-1481-478f-83e2-b25127fa95cd/0/1F84A2481D280DE0A103598276DB0C954193C755.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H4SiSB0oDeChA1mCdtsMlUGTx1U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/45e648c3-1481-478f-83e2-b25127fa95cd/0/3139332e32342e342e302f32342d3234203d3e20323134303235.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.24.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:46:24:11:64:de:d1:24:02:0f:f2:c1:31:34:48:d8:0b:94:
         f8:64:ce:3d:5f:5a:60:95:15:67:ab:89:6b:b8:4e:ef:ba:85:
         ef:10:22:e4:a3:e6:65:cf:13:1d:44:fd:f0:9e:f9:a9:51:ab:
         b3:9e:e1:a5:c4:77:0e:fe:b3:a3:06:fb:df:f5:7a:79:5e:83:
         8c:d3:5c:73:54:3b:e6:fc:09:df:7f:6d:82:2f:6f:61:72:21:
         8f:fa:36:74:11:6f:05:6c:6c:7c:16:8c:7e:f6:c3:16:5a:93:
         f6:8e:92:4a:7f:62:e3:c5:96:15:a6:80:be:b2:fd:06:2d:84:
         0e:09:92:22:9d:43:4f:3a:41:ee:d9:2c:44:4c:a7:a3:cc:c2:
         89:cf:d8:b5:50:f9:f4:32:f7:86:38:fa:66:c1:e2:b8:e7:96:
         c9:d9:11:4c:61:96:0d:93:22:a5:03:a6:23:8e:2b:64:8d:f3:
         af:4c:ed:3b:d8:8b:dd:b3:84:fb:e7:c8:65:b3:fa:93:0b:23:
         c5:3e:0f:ee:8f:90:37:db:41:d5:2d:c4:55:99:b5:2b:61:e3:
         1d:d4:26:36:7d:06:19:e9:af:73:61:59:36:58:47:df:9b:7e:
         8b:6e:20:5e:28:d1:a8:34:6b:2f:1a:3b:ba:15:dd:f2:ce:49:
         cd:c0:ee:d3
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUMuGchh7rILstPx9lt1HAQDfp1GUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMWY4NGEyNDgxZDI4MGRlMGExMDM1OTgyNzZkYjBjOTU0
MTkzYzc1NTAeFw0yNjA0MDMxODEzNTBaFw0yNzA0MDIxODE4NTBaMDMxMTAvBgNV
BAMTKDdFMzVERUFFRjBFNDQzOUY1OTU0NjdFODhCOUYxMEIxREEwQjhBRDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcIGq3uLIVrpIgmVfqdEEX45w3
OKhDizGSExuWg5kb6InDuW5ICtr3mbRrI0IwED+LHh8Sx2NoBzYZueQdCYSYtkXl
aZ2g3WhIN/yFx34V+zAe+Uvfvoghwb6Jf8THs/Wph/S4nwTrTvahy9gmK0I84tWd
1c3YYLdp2NLIGUKAk5NIb7yPp3BQHA47oJcBAMJyP766dXGxt023VTMdTL/MEuOy
5OJdMvNyA7fiVpfi44ZqNbaebifNvC3X0undoDUXghKPYBoEIMV6WHMupNvFgsJh
6gfG0nnseyABZhcjK3Dg1JqIe5fcsjCg9Umcl+T4HelTRNfm3B9alOOoa5f9AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUfjXervDkQ59ZVGfoi58QsdoLitAwHwYDVR0j
BBgwFoAUH4SiSB0oDeChA1mCdtsMlUGTx1UwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDVlNjQ4YzMtMTQ4MS00NzhmLTgzZTItYjI1MTI3ZmE5
NWNkLzAvMUY4NEEyNDgxRDI4MERFMEExMDM1OTgyNzZEQjBDOTU0MTkzQzc1NS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0g0U2lTQjBvRGVDaEExbUNkdHNNbFVH
VHgxVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDVlNjQ4YzMt
MTQ4MS00NzhmLTgzZTItYjI1MTI3ZmE5NWNkLzAvMzEzOTMzMmUzMjM0MmUzNDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzNDMwMzIzNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMEY
BDANBgkqhkiG9w0BAQsFAAOCAQEAo0YkEWTe0SQCD/LBMTRI2AuU+GTOPV9aYJUV
Z6uJa7hO77qF7xAi5KPmZc8THUT98J75qVGrs57hpcR3Dv6zowb73/V6eV6DjNNc
c1Q75vwJ339tgi9vYXIhj/o2dBFvBWxsfBaMfvbDFlqT9o6SSn9i48WWFaaAvrL9
Bi2EDgmSIp1DTzpB7tksREyno8zCic/YtVD59DL3hjj6ZsHiuOeWydkRTGGWDZMi
pQOmI44rZI3zr0ztO9iL3bOE++fIZbP6kwsjxT4P7o+QN9tB1S3EVZm1K2HjHdQm
Nn0GGemvc2FZNlhH35t+i24gXijRqDRrLxo7uhXd8s5JzcDu0w==
-----END CERTIFICATE-----